Name of the Vulnerable Software and Affected Versions PHP versions prior to the fixed version

Description The issue is related to several bugs in PHP, including an out-of-bounds read due to insufficient input validation in the imageloadfont() function, a buffer overflow in the hash update() function on long parameters, a session creation issue with user-defined save handlers lacking a validateId() method, and a problem with stream select() not aborting upon exception or empty valid file descriptor set.

Recommendations For versions prior to the fixed version, update to the latest version to resolve the issues. As a temporary workaround, consider restricting the use of the imageloadfont(), hash update(), session create id(), and stream select() functions until a patch is available. Restrict access to user-defined save handlers without a validateId() method to minimize the risk of session creation issues. Avoid using long parameters in the hash update() function until the issue is resolved.